Our vulnerability assessment has shown that we are potentially vulnerable to Layer 7 DoS attacks like slow HTTP POST (http://tinyurl.com/3l4fnjg) or slow HTTP headers (http://tinyurl.com/lgph8j). I'm wondering if there is anything we can do at the ASA or IPS level to alleviate these potential issues?
TCP Intercept sounds like a possibility, but I'm not sure if it's geared more toward a true DoS attack rather than these Layer 7 types?
Here is what we've been told the weaknesses are and the recommended steps to mitigate the issue, but I'm not really sure where/how to do it:
1) Allowing a server connection to stay open for an unlimited amount of time (no absolute timeout)
-Solution: Apply an absolute timeout
2) Allowing excessive/unneeded content (no max data threshold)
-Solution: Apply a max data threshold based on the form requirements
3) Allowing message content to be sent separately at extremely slow speeds (no minimum speed rate)
-Solution: Apply acceptable minimum speed rate for requests
Any help or pointers would be greatly appreciated!
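The three recommended limits from the list above, applied together to one request's read timeline. This is an added example, not part of the original post and not ASA or IPS configuration; the names `Limits`, `check_request` and every threshold value are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Limits:                        # all values are assumed, tune per application
    absolute_timeout: float = 30.0   # 1) seconds allowed for the whole request
    max_body_bytes: int = 8192       # 2) largest body the form legitimately needs
    min_rate: float = 256.0          # 3) bytes/second floor for the request body
    grace: float = 5.0               # seconds before the rate floor is enforced

def _too_slow(received, elapsed, lim):
    # Average rate since accept; the grace period avoids punishing startup jitter.
    return elapsed > lim.grace and received / elapsed < lim.min_rate

def check_request(events, declared_length, now, lim=Limits()):
    """events: list of (seconds_since_accept, bytes_read) for one connection.
    now: seconds since accept at evaluation time (a periodic sweep would pass
    the current clock, so a client that stops sending is still caught).
    Returns (verdict, reason) with verdict 'accept', 'drop' or 'pending'."""
    # 2) Refuse an oversized declared length before reading any body.
    if declared_length > lim.max_body_bytes:
        return "drop", "declared length over max data threshold"
    received = 0
    for t, n in events:
        # 1) Hard cap on total request time, however fast the data arrives.
        if t > lim.absolute_timeout:
            return "drop", "absolute timeout exceeded"
        received += n
        # 2) Enforce the cap on bytes actually seen, not only the declared size.
        if received > lim.max_body_bytes:
            return "drop", "body over max data threshold"
        # 3) Drop senders that trickle data below the floor.
        if _too_slow(received, t, lim):
            return "drop", "below minimum speed rate"
        if received >= declared_length:
            return "accept", "complete"
    # No further reads: judge the stalled connection against the clock.
    if now > lim.absolute_timeout:
        return "drop", "absolute timeout exceeded"
    if _too_slow(received, now, lim):
        return "drop", "below minimum speed rate"
    return "pending", "still within limits"

# Constructed sample timelines (not captured traffic).
NORMAL = [(0.1, 1000)]                               # whole body in one read
SLOW_POST = [(10.0 * i, 1) for i in range(1, 20)]    # 1 byte every 10 s
JUST_FAST_ENOUGH = [(float(s), 260) for s in range(1, 40)]  # 260 B/s, long-lived
```

The last timeline shows why the minimum rate alone is not enough: a sender that stays just above the floor is only stopped by the absolute timeout.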